Learn how Capital One builds with serverless at a massive scale

Nearly everything we do at Capital One is rooted in technology. With a tech workforce of more than 14,000 people—mostly engineers—we’re a bank that operates like a leading tech company.

In 2020, we closed our last remaining data center to go all-in on the cloud and became one of just two Fortune 150 companies to accomplish this feat. Today, we run thousands of applications on AWS and embrace a serverless-first approach. In fact, we’re one of the largest users of AWS—alongside tech leaders like Netflix.

Serverless at an enterprise level allows us to extend the value of the cloud. With serverless computing, our developers can focus their expertise on writing exceptional code, rather than spending energy on the time-consuming tasks involved with managing and operating servers. Developers welcome the shift to serverless because it opens up more time for the creative process.

Our business teams are also happy with the shift, because serverless aligns our infrastructure costs with delivering value to our customers. We no longer have clusters of servers waiting for work. Instead, we have event-based applications that run when there’s work to be done. AWS abstracts the server management away, allowing our applications to scale automatically, execute code in response to specific events and only incur costs when the code is actually running.

Today, we focus a lot of attention on modern applications. Which means we’re building a variety of microservices that can scale as needed, without the entire app having to scale uniformly. 

Ultimately, serverless at Capital One is about streamlining the way we build software, reducing operational overhead and enabling our developers to focus on driving innovation and solving complex business challenges. That’s a powerful change in the way we build applications.

At Capital One, managing serverless technology at a massive scale presents unique challenges, particularly due to our extensive scope of operations. We run thousands of accounts, and in those accounts, we have tens of thousands of Lambda functions. For our engineering teams, managing this vast deployment manually is out of the question.

We also have thousands of associates spread across many Lines of Business (LOBs)—from retail banking and credit services to risk management and security. Each LOB has its own unique goals, resulting in specific needs and technology implementations, which can lead to siloed decision-making.

We quickly recognized that to manage serverless at scale responsibly, we needed to establish rigorous development and account management standards. To this end, we created a Serverless Center of Excellence (COE). But the Serverless COE is about more than oversight; it’s about reducing technical debt, driving serverless maturity and empowering our developers to work smarter and more efficiently across all platforms and services.

The Serverless Center of Excellence (COE) at Capital One has been pivotal in our serverless journey. The center is comprised of diverse teams tasked with defining standards and best practices for using serverless efficiently and sustainably across the enterprise.

To avoid siloed decisions, the Serverless COE is structured to include representatives from all lines of business (LOBs). Our Serverless COE leadership includes an executive and a lead distinguished engineer. These two leaders meet with the LOB representatives each month to discuss a range of ongoing enterprise issues—such as rationalizing the runtime deprecation process, setting Lambda default settings and planning ongoing developer training. The proactive approach helps us stay ahead of potential challenges and ensure our serverless operations are both current and efficient.

We also hold bi-weekly meetings where teams discuss progress and share best practices. The goal is to ensure that all our serverless implementations align with a unified strategy that minimizes technical debt, maximizes performance and upholds security and compliance standards.  The Serverless COE has been instrumental in driving serverless adoption.

Ultimately, it doesn’t just dictate standards—it builds consensus and understanding across the business, demonstrating the value of modernizing our platforms in a way that delivers sustainable benefits.

As we discovered in our serverless journey, there will be a learning curve for all developers. Here are three best practices we’ve identified for companies getting started with serverless on AWS:

• Start small: Encourage developers to familiarize themselves with core serverless concepts and how serverless architecture differs from traditional server-based environments. They should start by experimenting with simple Lambda functions to get a feel for how serverless functions respond to events.
• Master local development tools: Tools like the AWS Serverless Application Model (SAM) will help teams test and debug their applications before deployment. The SAM CLI, which is accompanied by a Docker image for each runtime Lambda supports, allows users to write and test functions locally, emulating their behavior in AWS. The goal is for dev teams to be able to write all their Lambda functions locally—and iterate until it works before moving on to the next step (using the CI/CD features of SAM to deploy the applications into AWS). This will save a lot of time and allow developers to do what they're used to, which is local debugging. 
• Implement security standards from the outset: For developers, this should include setting appropriate function timeouts and memory settings, understanding the pricing models and using logging and monitoring tools effectively. Ensure engineers are aware of AWS-specific practices, like setting CloudWatch log retention policies and using the correct versions of SDKs. Provide teams with the resources they need to stay informed about the latest best practices, especially in areas like security, resource allocation and error management.